How to Secure G Suite: 3 Tips for Administrators

1641927416 How to Secure G Suite 3 Tips for Administrators

With the following options, G Suite administrator can password protect, secure sign-in, and significantly reduce phishing for your organization.

Image: Andy Wolber / TechRepublic

The AG Suite administrator has access to hundreds of settings that affect how Google's collaborative tools work for people in an organization. These tools include settings for Google Drive shared documents, Chrome browser behavior, as well as mobile device and app management. A sensible G Suite administrator will periodically review many of these options. See 5 Important Tasks for G Suite Administrators for a list of specific items to explore.

What's Hot at TechRepublic

The following steps are three of the most important actions that G Suite administrator can take to protect group data. In order, these steps will help protect your organization's email communications, guard against unauthorized account access, and warn people in your organization of password problems. could be.

Anyone can run the first test below to check your domain name system (DNS) configuration, but you need administrator access to both G Suite and your domain's DNS settings to run all three fully configure the following G Suite security components.

SEE: G Suite: Tips and tricks for business professionals (download TechRepublic)


    Verify G Suite mail exchange records

    Properly configured DNS and mail exchange (MX) records make it difficult for people outside your organization to falsely send an email that appears to be from an account in your organization. In particular, Sender Policy Framework (SPF), DomainKeys Identification Mail (DKIM), and land-based Message Verification, Reporting, and Compatibility (DMARC) registers work together to prevent unsolicited email reject from people in your group.

    Follow these steps to make sure your MX records are properly configured for G Suite.

    1. Go to
    2. Select Check MX.
    3. Enter the domain you have configured for use with G Suite in the text box below Domain Name (e.g.,
    4. Choose Run Checks!
    5. Wait a few minutes for the system to monitor your system DNS and MX records.
    6. If issues are identified, the system will display a shock signal inside a yellow or red triangle. Yellow indicates a problem, and red indicates an issue that could prevent mail delivery.
    7. Next to identified problems, the system shows a link to an article related to the G Suite Help center with instructions on how to fix the issue. Follow the instructions to complete the configuration of your MX records, as well as all SPF, DKIM, and DMARC settings. Proper modification and configuration of DNS settings can take time to deploy, so this may take several days to complete.
    8. Repeat the process until the system shows a green token next to your domain name, along with a message "No problem was found with the configuration of this domain" (Figure A).

    Figure A

    Screenshots: (left) comes from with errors and links to the Help Center guide, (right) same for, with no errors identified.

    The G Suite Check MX toolbox can confirm that a group's G Suite domain name settings are configured correctly. The example on the left shows an example with objects that need attention and change, and the example on the right, without errors marked, shows a more secure configuration.

    Enable 2-step Verification

    Each group using G Suite should allow people in the group to enable 2-step authentication. Once enabled, people not only need an account name and password to sign in, but also an additional method, such as Security Key, Google Prompt, or Google Authenticator, among others. others.

    READ  Here's how Android '12L' makes tablets and folders better

    To enable 2-step verification for people in your group (Figure B):
    1. Sign in with your G Suite administrator account.
    2. Select Security | Default settings, then check the box next to Allow users to turn on 2-step verification. Select Save to apply your preferences.
    3. If you want to ask people to use 2-Step Verification, select Go to Advanced Options to implement 2-Step Verification. Within the advanced options, you can turn the application on, limit the authentication methods, and select a new user registration time.

    Figure B

    Screenshot of advanced 2-step verification scenarios, which may prevent the type of verification from being accepted.

    The AG Suite administrator can enable 2-step authentication, either for everyone or for specific organizational units. For added security, a 2-step Verification may be required.

    Pay attention: You can apply different 2-step Proofing requirements to different groups of people by selecting an organizational unit. This allows you, for example, to put some accounts - such as G Suite administrators, executives, and people with access to sensitive information - in an organizational unit that requires two - step verification. In a school setting, for example, some staff may be placed in an organizational unit that requires 2-degree verification, and students may be placed in an organizational unit that does not require .

    Install Chrome password extensions

    Google provides two extensions that help protect passwords for people who use Chrome on a computer. The Password Alert extension notifies people when they sign in with their Google account password to any site other than the actual Google sign-in service. The Password Checkup extension notifies people when a password they use on a service has been part of a publicly identifiable data breach. Together, the two extensions raise awareness of password problems.

    The AG Suite administrator can select Force to install these extensions for people within the organization (Figure C).

    1. Sign in with your G Suite administrator account.
    2. Go to
    3. Hover the cursor over the yellow circle with its + in it (bottom right), then select the square grid with nine squares in it, Add Chrome App Or Extension With ID. Copy and paste the extension ID Password Alert -noondiphcddnnabmjcihcjfbhfklnnep- into the ID extension box, then select Save.
    4. Hover the cursor over the yellow circle with a + in it (bottom right), then select the square grid with nine squares in it, Add Chrome App Or Extension With ID. Copy and paste the extension ID Password Checkup -pncabnpcffmalkkjpajodfhijclecjno- into the ID extension box, then select Save.
    5. Next to the Password Alert extension, select the drop-down menu, select Force Install, and then select Save.
    6. Next to the Password Checkup extension, select the drop-down menu, select Force Install, and then select Save.

    Figure C

    Capture of G Suite administrator page with the two password extensions appearing, with the

    G Suite administrator can choose “Install Force” extensions in Chrome. For example, an administrator could configure the system to install both Google Password and Google Password Checkup extension in Chrome for people in a group.

    What is your favorite G Suite security configuration?

    The above three steps allow the G Suite administrator to secure the email and G Suite accounts of the organization, as well as other passwords. If you use G Suite or are a G Suite administrator, what additional steps (if any) do you take to protect your organization 's accounts and data? Let me know in the comments below or on Twitter (@amholber).

    See also

    Related Posts

    Deja una respuesta

    Tu dirección de correo electrónico no será publicada.


    We use cookies to ensure that we give the best user experience on our website. If you continue to use this site we will assume that you agree. More information